Gains clear view into its internal network with Trend Micro

Overview

Established in 2000 by NTT Docomo, Dentsu, and NTT Advertising, the D2C integrated digital marketing group is highly regarded for its mobile advertising and is expanding to take its digital market-based activities from Japan to the rest of Asia and beyond.

As a digital marketing company, D2C considers security important, and it swiftly acquired PrivacyMark and ISMS certification. Since targeted attacks and internal crime have recently become more prevalent, the company has also implemented security awareness training.

Challenges

D2C employees have access to a range of information in their work. “We manage web access and software using whitelists, but employees can use just about anything if they ask,” says D2C’s Yosuke Nohira. “Risk is inherent, so security is always important,” adds D2C’s Tatsuya Suzuki.

Increased damage from targeted attacks worldwide led D2C to shift its approach to IT in 2012 from information management to information security and overhaul its security. Out went antivirus software for personal use and in came Trend Micro™ OfficeScan™ to centralise virus detection and countermeasures. “The trial edition was extremely light,” recalls Nohira.

However, in 2014 an incident with its ASP email service led D2C to reconsider its security measures. “We didn’t know what was happening in our internal network, and information was potentially being leaked so virtualisation became an urgent issue,” says Nohira.

"We have been able to greatly reduce the amount of time we spend on security management and operations."

Why Trend Micro

D2C started looking for a solution to detect invisible threats and check for information leaks. It implemented Deep Discovery Inspector and took advantage of the Trend Micro Connected Threat Defence, which provides a layered approach to security that prevents, detects, and responds to threats.

“Network virtualisation and detecting unknown threats were key. Furthermore, the advantages of great manageability provided by using the same pattern file as OfficeScan, a single point of contact, and automated responses with a Connected Threat Defence were attractive,” says Nohira.

Solution

Deep Discovery Inspector monitors traffic through mirror ports and visualizes communication between the network and the internet. Its sandbox inspects suspicious files, which met D2C’s requirements.

Deep Discovery Inspector sends detected threat information to OfficeScan via Trend Micro Control Manager. This enables threat detection and blocking, even for threats which cannot be detected by pattern files on the client side.

Results

With Deep Discovery Inspector, D2C succeeded in getting a clearer picture of what was happening inside its network. “Visualization of the network showed us a lot of suspicious email slipped through the spam filter,” says Nohira.

Using the threat information that Deep Discovery Inspector detected and shared through its integration with OfficeScan, D2C isolated suspicious devices. Detected suspicious files, URLs, and IP addresses were at first handled manually rather than being processed or blocked. However, this recently changed. “Just after the WannaCry ransomware caused a global uproar, we saw a massive increase in suspicious email, sometimes a few hundred a day. We couldn’t keep up, so we made changes to ensure suspicious files, URLs, and IP addresses were automatically isolated, and got through it without damage,” says Nohira. False detections have had no impact on the business, and the operational load has decreased by half.

Also, by adopting Deep Discovery Inspector’s threat levels, D2C has a company-wide standard for situations requiring an urgent response, allowing anyone to respond appropriately. “Deep Discovery Inspector reports are really helpful. We can identify the kind of attack and if there is a risk of information leakage, so it’s easier to explain things to management,” says Suzuki.

What's Next

“We used to just assume we were alright, but Deep Discovery Inspector showed us the real state of affairs. Our CISO highlighted the potential for cyberattacks to be launched against NTT Docomo and Dentsu through D2C, so we will keep concentrating on security, firstly focusing on email security and other countermeasures,” says Suzuki.

“We have a small security team, meaning a full SIEM implementation is unrealistic, so we want to leverage Trend Micro’s Connected Threat Defence and correlation analysis to create something similar,” adds Nohira.